ATS does not cache S3 requests with an Authorization header

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

ATS does not cache S3 requests with an Authorization header

Benjamin Morel
Hi guys, I'm using ATS as a forward proxy, to provide a local cache to my application.
When accessing a private file on Amazon S3, an Authorization header is sent, and ATS does not cache the response.

This is clearly documented:

By default, Traffic Server does not cache objects with the following request headers:
Authorization
Cache-Control: no-store
Cache-Control: no-cache
To configure Traffic Server to ignore this request header, refer to Configuring Traffic Server to Ignore Client no-cache Headers.

I followed the only suggestion in the documentation:

CONFIG proxy.config.http.cache.ignore_client_no_cache INT 1

But this still does not make it ignore the Authorization header, as far as I can see.
Plus, I do not want to ignore the Cache-Control header, just Authorization.

Is there a configuration entry to make ATS ignore the Authorization header?

Thanks in advance,
Benjamin
Reply | Threaded
Open this post in threaded view
|

Re: ATS does not cache S3 requests with an Authorization header

Leif Hedstrom


On Dec 6, 2017, at 7:11 AM, Benjamin Morel <[hidden email]> wrote:

Hi guys, I'm using ATS as a forward proxy, to provide a local cache to my application.
When accessing a private file on Amazon S3, an Authorization header is sent, and ATS does not cache the response.

This is clearly documented:

By default, Traffic Server does not cache objects with the following request headers:
Authorization
Cache-Control: no-store
Cache-Control: no-cache
To configure Traffic Server to ignore this request header, refer to Configuring Traffic Server to Ignore Client no-cache Headers.

I followed the only suggestion in the documentation:

CONFIG proxy.config.http.cache.ignore_client_no_cache INT 1

But this still does not make it ignore the Authorization header, as far as I can see.
Plus, I do not want to ignore the Cache-Control header, just Authorization.

Is there a configuration entry to make ATS ignore the Authorization header?


Well, with CC: no-store, no-cache, ATS is not going to write to cache (and not serve out of cache). It also doesn’t know how long to cache even if you did remove those (unless you enable the lifetime heuristic options).

That much said, for the Authorization part, you likely have to do

CONFIG proxy.config.http.cache.ignore_authentication INT 1

— Leif


Reply | Threaded
Open this post in threaded view
|

Re: ATS does not cache S3 requests with an Authorization header

Benjamin Morel
Thanks for your reply.

Well, with CC: no-store, no-cache, ATS is not going to write to cache (and not serve out of cache). It also doesn’t know how long to cache even if you did remove those (unless you enable the lifetime heuristic options).

There is no Cache-Control header in the S3 response, I copy/pasted the doc because it puts Authorization and Cache-Control in the same basket.
There is no Expires either in this response, but there is an Etag and a Last-Modified. I would therefore expect ATS to revalidate every request with If-None-Match / If-Modified-Since, but it doesn't.

CONFIG proxy.config.http.cache.ignore_authentication INT 1

I just tried this one, but unfortunately ATS still does not revalidate. No If-None-Match / If-Modified-Since headers in the log, cache MISS every time.
Reply | Threaded
Open this post in threaded view
|

Re: ATS does not cache S3 requests with an Authorization header

Benjamin Morel

CONFIG proxy.config.http.cache.ignore_authentication INT 1

I just tried this one, but unfortunately ATS still does not revalidate. No If-None-Match / If-Modified-Since headers in the log, cache MISS every time.

Actually it does work, but I had to use it together with:

CONFIG proxy.config.http.cache.required_headers INT 0

Probably because of the missing Cache-Control header. So thanks a lot Leif!